Constant Mutation

Constant mutation replaces the numeric constants in your Android app with arithmetic expressions, so the original values never appear in the bytecode.

  • AndroidAndroid
Start free
See it in ByteHide Shield
TL;DR

Constant mutation replaces literal numbers in your Android application with arithmetic expressions that evaluate to the same value. The constant is computed at runtime instead of stored, so an attacker decompiling the bytecode cannot read it directly.

Definition

What is constant mutation?

Constant mutation is an obfuscation technique that removes literal numeric values from Android bytecode by replacing each with an arithmetic expression that produces it.

Constants in an app often reveal intent. Sizes, thresholds, identifiers, and magic numbers are clues to how the code works, and they are simple to spot in decompiled bytecode.

Constant mutation replaces each literal with an expression that evaluates to the same number at runtime. The value is computed, not stored, so it cannot be read straight from the decompiled code.

Mechanism

How constant mutation works

Constant mutation transforms numeric literals in the bytecode:

  • Expression replacement. Each constant is replaced with an arithmetic expression that computes it.

  • Runtime evaluation. The value is produced when the code runs, not embedded as a literal.

  • Equivalence guarantee. Each expression is verified to yield the original value exactly.

The decompiled bytecode shows expressions, not the meaningful numbers behind them.

Example

Constant mutation example

The same Android constants, before and after mutation. The runtime values are identical.

Original

A meaningful constant appears in decompiled bytecode as a plain number. An attacker reads it and understands its purpose.

Mutated

The same constant is now an arithmetic expression evaluated at runtime. The number is gone from the bytecode.

Original
object Config {
    const val SESSION_TIMEOUT = 3600
    const val MAX_RETRIES = 5
}
Mutated
object Config {
    val SESSION_TIMEOUT = (60 shl 6) - 96
    val MAX_RETRIES = (1 shl 2) + 1
}

Use cases

When to use constant mutation

Constant mutation is most useful when your Android application:

  • Uses numeric constants that reveal how logic works.
  • Contains thresholds, identifiers, or magic values worth hiding.
  • Has already been renamed and string-encrypted and needs numeric data protected too.

It pairs with string encryption and name obfuscation to hide names, text, and numbers together.

Platform availability

Constant mutation and the Android platform

  • Android

    Mutation of numeric constants into arithmetic expressions. On .NET the equivalent protection is constants disintegration, and on JavaScript and iOS, arithmetic obfuscation.

Related

Related Shield protections

Frequently asked questions

What is constant mutation?
Constant mutation is an Android obfuscation technique that replaces numeric constants with arithmetic expressions evaluated at runtime, so the original values do not appear in the decompiled bytecode.
Does constant mutation affect performance?
The overhead is small, since constants are computed instead of read. The level is configurable.
Does constant mutation change results?
No. Every expression is verified to compute exactly the original value.
How is constant mutation different from constants disintegration?
They serve the same goal on different platforms. Constant mutation is the Android protection. Constants disintegration is the .NET equivalent.
Which platforms support constant mutation?
Constant mutation applies to Android. .NET uses constants disintegration, and JavaScript and iOS use arithmetic obfuscation.
10,000+ developers and companies protect their applications with ByteHide

Protect your application with
ByteHide Shield

Constant mutation is one of more than 20 protections in ByteHide Shield. Apply it to your Android application.

Start free
Book a demo
ByteHide runtime dashboard showing live threat monitoring and protection metrics